home

dl.downb468.com

Domains By Proxy, LLC  (Proxy Registrant)

Domain Information

The domain dl.downb468.com is registered by proxy through GODADDY.COM, LLC and was originally registered in August of 2013. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Cambridge, Massachusetts within the United States which resides on the Akamai Technologies, Inc. network.
Registrar:
GODADDY.COM, LLC

Server location:
Massachusetts, United States (US)

Create date:
Wednesday, August 28, 2013

Expires date:
Friday, August 28, 2015

Updated date:
Friday, August 29, 2014

ASN:
AS20940 AKAMAI-ASN1 Akamai International B.V.

Root domain:
downb468.com

Whois:
2 downb468.com records

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.FIRSERIASL.Q, PUP.Installer.AppsInstallerSL.Q, PUP.Installer.EilioDevelopmentssl.R, PUP.FIRSERIASL.Q, PUP.Solimba.FIRSERIA.Bundler (M), PUP.Solimba.EilioDev.Installer (M), PUP.Solimba.RAPIDDOW (M), PUP.Solimba (M)
100.00%

VIPRE Antivirus
DownloadMR, Threat.4150696
10.34%

Dr.Web
Trojan.DownLoader11.4341, Trojan.DownLoader11.24441, Adware.Downware.1433
10.34%

Malwarebytes
PUP.Optional.AppsInstaller, PUP.Optional.Solimba, PUP.Optional.FirSeriaInstaller
10.34%

NANO AntiVirus
Trojan.Win32.DownLoader11.cykqpy, Trojan.Win32.Morstar.dfgpqs, Trojan.Win32.Downware.ctidvo
10.34%

Kaspersky
not-a-virus:AdWare.Win32.Fiseria, not-a-virus:Downloader.Win32.Morstar, not-a-virus:Downloader.Win32.Firser
10.34%

Comodo Security
Application.Win32.FirseriaInstaller.IFA, Application.Win32.Solimba.LSW, Application.Win32.Solimba.J
10.34%

Sophos
Solimba Installer, PUA 'Solimba Installer'
10.34%

Avira AntiVirus
APPL/Firseria.A.20, APPL/Firseria.Gen8, TR/Crypt.ULPM.Gen
10.34%

G Data
Win32.Application.Morstar, Gen:Variant.Application.Bundler.Kazy.132995, Gen:Application.Bundler.Firseria
10.34%

Vba32 AntiVirus
Downware.Morstar
10.34%

AVG
BundleApp, Adware BundleApp_r.AV, Adware AdInstaller.Firseria
10.34%

Panda Antivirus
Trj/Genetic.gen, Trj/CI.A, Adware/Firseria
10.34%

IKARUS anti.virus
PUA.Downloader.AppsInstall, AdWare.BundleApp, PUA.FirseriaInstaller
10.34%

avast!
Win32:Adware-BQN [Trj], Win32:Firseria-A [PUP]
6.90%

The domain dl.downb468.com has been seen to resolve to the following 8 IP addresses.

23.62.7.25
a23-62-7-25.deploy.static.akamaitechnologies.com
January 9, 2015

23.62.7.51
a23-62-7-51.deploy.static.akamaitechnologies.com
January 9, 2015

184.51.126.43
a184-51-126-43.deploy.static.akamaitechnologies.com
December 2, 2014

184.51.126.65
a184-51-126-65.deploy.static.akamaitechnologies.com
December 2, 2014

23.0.160.11
a23-0-160-11.deploy.static.akamaitechnologies.com
September 28, 2014

23.0.160.17
a23-0-160-17.deploy.static.akamaitechnologies.com
September 28, 2014

23.67.243.48
January 6, 2014

23.67.243.41
a23-67-243-41.deploy.static.akamaitechnologies.com
January 6, 2014

File downloads found at URLs served by dl.downb468.com.

1 / 68      (Adware)
http://dl.downb468.com/n/.../AVS_Media_Player.exe  (88fb835730d25c37277510d06cd1674f)

1 / 68      (Adware)
http://dl.downb468.com/n/.../AVS_Media_Player.exe  (e534e068f95571c6045b2c8d1416b26a)

1 / 68      (Adware)
http://dl.downb468.com/n/.../FLV_Media_Player.exe  (00fac467bce48b7449f903d1fd479404)

1 / 68      (Adware)
http://dl.downb468.com/n/.../FLV_Media_Player.exe  (bca830b98cdb9a7c4322de93d6bde106)

1 / 68      (Adware)
http://dl.downb468.com/n/.../FLV_Media_Player.exe  (645a6e24b15bedbdcd1c92066befef53)

1 / 68      (Adware)
http://dl.downb468.com/n/.../AVS_Media_Player.exe  (560d58351eeb8d9ae140967607a30bf3)

1 / 68      (Adware)
http://dl.downb468.com/n/.../FLV_Media_Player.exe  (610ade75d187b56e6df3cbb2d6e29b09)

1 / 68      (Adware)
http://dl.downb468.com/n/.../FLV_Media_Player.exe  (cb341cf0ede824e6471c983251b5a651)

1 / 68      (Adware)
http://dl.downb468.com/n/.../AVS_Media_Player.exe  (929b8c5bade1606354df949c87badfc3)

1 / 68      (Adware)
http://dl.downb468.com/n/.../microsoft office.exe  (ccfbf5f10638b14eda68659629894b41)

1 / 68      (Adware)
http://dl.downb468.com/n/.../FLV_Media_Player.exe  (15658a4e49d58f142e28b860449e6723)

1 / 68      (Adware)
http://dl.downb468.com/n/.../AVS_Media_Player.exe  (c5fc33e693fc4e8aa3d462646cdec61e)

1 / 68      (Adware)
http://dl.downb468.com/n/.../FLV_Media_Player.exe  (17f3128d1bdd7d6f6e5b3bb2eb921860)

1 / 68      (Adware)
http://dl.downb468.com/n/.../FLV_Media_Player.exe  (c7c0deabb6d4247ba8b9fbbe654aaa34)

1 / 68      (Adware)
http://dl.downb468.com/n/.../AVS_Media_Player.exe  (9be862c4e2ebc026bd92b72f9076927b)

1 / 68      (Adware)
http://dl.downb468.com/n/.../AVS_Media_Player.exe  (8306fe569f454a8e7774baa99de6e61d)

1 / 68      (Adware)
http://dl.downb468.com/n/.../AVS_Media_Player.exe  (4260cb140c77b024a672d27ed769c3a0)

1 / 68      (Adware)
http://dl.downb468.com/n/3.0.19.4/.../File_Downloader.exe  (b90d544841b258e9adaa8d84223f1e52)

1 / 68      (Adware)
http://dl.downb468.com/n/.../AVS_Media_Player.exe  (455944e4b2dd2a80a66bddcf6c028ed0)

1 / 68      (Adware)
http://dl.downb468.com/n/.../AVS_Media_Player.exe  (d45344a5eedde900ea1994b70999891f)

1 / 68      (Adware)
http://dl.downb468.com/n/.../AVS_Media_Player.exe  (9bc0f0214b9f3d529a47482cd2f1199b)

1 / 68      (Adware)
http://dl.downb468.com/n/.../AVS_Media_Player.exe  (cd666b27bb233e98a26a9e25cceb41da)

1 / 68      (Adware)
http://dl.downb468.com/n/.../FLV_Media_Player.exe  (e5159c5901b542a210f392e1fa987865)

1 / 68      (Adware)
http://dl.downb468.com/n/.../AVS_Media_Player.exe  (444204aa61ee1830d4830b6b1bfaadfd)

1 / 68      (Adware)
http://dl.downb468.com/n/.../CBR Reader.exe  (52b44835cb49479ad6729a757171f2b8)

29 / 68    (Adware)
http://dl.downb468.com/n/.../FLV_Media_Player.exe  (d564ef7b8c8842c8cc73f0ac54e7b138)

24 / 68    (Adware)
http://dl.downb468.com/n/3.1.26/.../Showbox Installer.exe  (4c04a7401c98018716d8da7dd68635b7)

22 / 68    (Adware)
http://dl.downb468.com/n/.../FLV_Media_Player.exe  (f29c2bfd6f678defd005a995974d1856)

1 / 68      (Adware)
http://dl.downb468.com/n/.../FLV_Media_Player.exe  (61e68fc063bc0dfedec4c37e2dc6e0ea)

The following 101 files have been seen to comunicate with dl.downb468.com in live environments.

TCP » 184.51.126.65:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 184.51.126.65:80
browser.exe (Browser)

TCP » 184.51.126.65:80
wikithemes.exe

TCP » 184.51.126.43:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 184.51.126.65:443
citrio.exe (Citrio by CatalinaGroup)

TCP » 184.51.126.65:80
geniecleaner.exe (Genie Cleaner by Oppoos.com)

TCP » 184.51.126.65:80
pi1vgjqw.exe

TCP » 184.51.126.65:80
dailywiki.exe

TCP » 184.51.126.65:80
ShopAtHome_BAC_Service.exe (by ShopAtHome.com)

TCP » 184.51.126.43:80
comcastantispyservice.exe

TCP » 184.51.126.43:80
kolhglholjmoidcmgkojghhjllnbehim.crx

TCP » 184.51.126.43:80
omhchlgiohmfombbbjhoahjmofeienlg.crx

TCP » 184.51.126.43:80
phknmhmjgifnnalncpcilipgoaophoog.crx

TCP » 184.51.126.43:80
olkpfcgompgkeceodpodleppkhdjoeom.crx

TCP » 184.51.126.65:80
cnetinstaller

TCP » 184.51.126.65:80
ajjpgnlpolfpnebjjaciccmmjnmjfjkl.crx

TCP » 184.51.126.65:80
pmnnomhnpajkdgjpgffnphooamboiogk.crx

TCP » 184.51.126.65:80
fkmpjkomnpflaenmiccjmbkaapicalje.crx

TCP » 184.51.126.65:80
mgecpdghpgpnpbaipkgdmjmoihnhicjg.crx

TCP » 184.51.126.65:80
updateadmin.exe

 
Latest 20 of 101 files

URL:
http://dl.downb468.com/

Web server:
AkamaiGHost

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.